Submit #653994: Magnetism Studios Endurance 3.3.0 Local Privilege Escalation

Title: Magnetism Studios Endurance 3.3.0 Local Privilege Escalation
Description: Endurance 3.3.0 for macOS installs a privileged helper tool (com.MagnetismStudios.endurance.helper) that exposes an unauthenticated NSXPC interface. Any local user can connect to this interface and invoke sensitive methods without authorization. This allows execution of privileged functionality as root. The most critical method (loadModuleNamed:WithReply:) executes /usr/sbin/chown and /usr/bin/kextutil with attacker-controlled input. With SIP enabled (default), the vulnerability results in local privilege escalation to root. If SIP is explicitly disabled (csrutil disable), an attacker can further abuse this method to load arbitrary kernel extensions, leading to kernel code execution.
Source: https://github.com/SwayZGl1tZyyy/n-days/blob/main/Endurance/README.md
User: SwayZGl1tZyyy (UID 88771)
Submission: 09/14/2025 03:44 (9 months ago)
Moderation: 09/24/2025 10:10 (10 days later)
Status: Accepted
VulDB entry: 325691 [Magnetism Studios Endurance up to 3.3.0 on macOS NSXPC Interface com.MagnetismStudios.endurance.helper loadModuleNamed:WithReply missing authentication]
Points: 20
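
The two weaknesses named in the description (no client authentication on the NSXPC listener, and caller-controlled input reaching root-run tools) are the ones a hardened helper closes. The sketch below is an added example, not Endurance's code or a vendor fix. The protocol, class, Mach service name, bundle identifier, team ID and module name are hypothetical placeholders, and it assumes macOS 13 or later for `setCodeSigningRequirement:`.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical protocol for illustration; not the Endurance helper's interface.
@protocol ExampleHelperProtocol
- (void)loadApprovedModule:(NSString *)name withReply:(void (^)(BOOL ok))reply;
@end

// Constructed placeholder requirement: substitute the real client identifier and team ID.
static NSString *const kClientRequirement =
    @"anchor apple generic and identifier \"com.example.app\" "
    @"and certificate leaf[subject.OU] = \"TEAMID1234\"";

@interface ExampleHelper : NSObject <NSXPCListenerDelegate, ExampleHelperProtocol>
@end

@implementation ExampleHelper
- (BOOL)listener:(NSXPCListener *)listener shouldAcceptNewConnection:(NSXPCConnection *)conn {
    if (@available(macOS 13.0, *)) {
        // Set before resume: peers that fail the requirement get the connection invalidated.
        [conn setCodeSigningRequirement:kClientRequirement];
    } else {
        return NO; // Fail closed where the API is unavailable.
    }
    conn.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(ExampleHelperProtocol)];
    conn.exportedObject = self;
    [conn resume];
    return YES;
}

- (void)loadApprovedModule:(NSString *)name withReply:(void (^)(BOOL))reply {
    // Map the request onto a fixed allow-list; never pass caller strings to root-run tools.
    NSSet<NSString *> *allowed = [NSSet setWithObjects:@"ExampleModule", nil];
    reply([allowed containsObject:name]);
}
@end

int main(void) {
    @autoreleasepool {
        ExampleHelper *helper = [ExampleHelper new];
        NSXPCListener *listener = [[NSXPCListener alloc] initWithMachServiceName:@"com.example.helper"];
        listener.delegate = helper;
        [listener resume];
        [[NSRunLoop currentRunLoop] run];
    }
    return 0;
}
```

On systems older than macOS 13 the same check has to be done by validating the connecting process's code signature manually; this example simply refuses the connection there.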
